image transcription:
a YouTube screenshot of a community post, which is a meme regarding incognito mode. it has two panels with an animated figure(person) and chrome logo (chrome) with limbs. in first panel, chrome is asking "which website would you line to see?", to which the person replies " I don't want you to know. " in second panel, chrome has become a ventriloquist, holding a masked muppet with sunglasses and a fedora(symbol for incognito on chrome). it is asking the person "what about telling Mr. incognito?", to which the person joyfully replies "okay."
the screenshot has a main comment with several replies. the main comment(by Paula_Amato) reads, "And then there's Tor browser e CD Catching my brother Scrolling through Tor was the second worst secret I know about him... The first is the website he was using."
replies to the comment:
[30 Pranay Pawar • 1 day ago] May God bless and have mercy on the bro's life. I would knock myself out for eternity if anybody i know found that out too.
[FArid ch. • 1 day ago] what onion website your brother access... out of curiosity
[Griffin McKenzie • 1 day ago (edited)] Tor is literally just a browser like any other but better.
It's a heavily modified firefox browser designed to work with something called "the onion network". It's called this because there are several nodes on the network designed to obfuscate your Internet traffic by wrapping a layer on your Internet traffic, creating an "onion". All of these layers mean that each node only knows what the previous and next nodes are. The most vulnerable nodes are the starting and exit nodes, because they can identify you and potentially trace back your IP. You also can't choose your starting or exit nodes. It's well known that the US federal government controls some of these exit nodes.
I still know incredibly little about the Tor browser and how it works, but I appreciate your response!
I guess I don't understand what the difference is between using the Tor browser and just using a VPN. I've also got very little idea what a "node" is so that's probably my issue haha.
Using a VPN makes your traffic travel through the VPN server to get encrypted before reaching the destination.
Using Tor basically does this 3 times, but it's decentralized so it goes through multiple different random relays before reaching the destination. And it changes which relays you're using every 10 minutes.
When using a VPN you're basically relying on your VPN service giving it their all when it comes to protecting your privacy, and also on them not bending over to the government if it wants to monitor you. Which you won't get with a lot of VPNs (especially not free VPNs).
Since Tor is decentralized and changes your connections frequently, it's virtually impossible to monitor someone using Tor. The chance that all 3 relays your traffic travels through are controlled by people coordinating to get you are slim in the first place, without even considering the relays changing.
You can also use both Tor and a VPN at once, but to do so properly is a lot more convoluted than just turning on your VPN and using Tor at the same time.
Newbie here. How would you do so properly?
Give this a read: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN
This sounds strictly better than a regular browser, is there some obvious downsides that im missing (I know I could google this but you write very clearly and concisely and if it's not too much trouble, I'd love to hear your views on this)
Really the only reason to use Tor is if you really need a certain type of privacy, or to bypass certain restrictions on websites. It's definitely not something to use as a daily driver, it can be cumbersome and using it incorrectly puts you at risk.
It doesn't have a lot of features that normal browsers use – it doesn't save history, some sites don't work on Tor because it does a lot of fancy stuff like blocking trackers. You shouldn't use extensions on Tor either, that can get you deanonymised.
It also doesn't guarantee a lot of protection against malicious actors on the web. You still have to be as cautious about what websites you use as you would on any other browser.
You also can't really do things that demand a lot of bandwith like downloading large files on Tor – speeds are extremely slow due to all of the privacy measures they take, and it causes a LOT of strain on Tor nodes and makes the experience worse for everyone. If you're pirating/torrenting, just use a VPN.
You shouldn't do anything on Tor that exposes personal/sensitive information, including logging onto websites with your personal accounts, that defeats almost the entire purpose of using it for the average user (anonymity) and can actually put you at risk.
Especially don't do anything like online banking or shopping on Tor. It's not suitable for secure online transactions.
Basically only use it for stuff that DOESN'T require personal/sensitive/identifying info, and stuff that DOESN'T use up a lot of bandwidth.
Honestly for the average person, Tor is completely useless. Most should only use it if they know there's something they may need to hide from a government/ISP/etc. Otherwise just Firefox with some extensions and changed settings will do.
It is usually much slower than a direct connection or a commercial VPN.
Also law enforcement, spy agencies and criminals all run public nodes to get lucky and grab as much data on you as possible. So you should never use TOR for unencrypted websites. But I'd say the same should be assumed when using a commercial VPN.
TOR and VPN at once is just dumb and probably less secure than just using TOR.
When you use a vpn, any traffic that would go between you and a website goes through the vpn first. Makes it hard for sites to know who you are and makes it hard for your isp to know what sites you visit.
When you use tor, any traffic that would go between you and a website is bounced around between a few different computers first. Similar to a vpn but is near impossible to track unless you’re a big gov agency with lots of resources.
There’s one thing missing from your reply: the vpn provider knows who you are and what you are doing, so it’s not better than an isp - just a trust tradeoff.
That brought things down to understandable levels for me. Thanks! Think I've got a grasp on it and kind of considering getting it myself.
Thanks for asking this follow-up question - until I read your comment, I hadn't realised that this is sort of my confusion about Tor too